Chapter 14
IT GRC
In This Chapter
Figuring out IT GRC in terms of risk and compliance
Securing software applications
Protecting corporate assets
So far, this book has been a general argument for instituting a Governance,
Risk and Compliance regimen within your organization. In this chapter,
we discuss the very significant role that IT plays in supporting and managing
GRC efforts. IT must be appropriately monitored and up to the task at hand in
order for the system to function and to comply with regulations, such as SOX.
What you don’t know about IT GRC can and will come and bite you in the
tuckus. Why? SOX and other regulatory initiatives, both financial and
operational, have set responsibility for protecting the integrity of financial
reporting on the shoulders of CEOs and directors, which we are sure is something
you have heard ad nauseam.
The reality of this situation is that companies have had to initiate a host of
policies, procedures, and internal controls to live up to that mandate. And
although corporate officers cannot be expected to know every iota of detail
about what is going on under the hood, they must have a depth of
understanding of the efficiency of the company’s internal controls, policies, and
procedures in order to competently certify the company’s financial reporting.
Simply saying, “Hey, we got IT all over the place” is not going to be enough if
federal regulators and auditors come sniffing around the front door. To meet
the requirement that you “competently certify the company’s financial
reporting,” not to mention live up to a whole host of other regulations, such
as those requiring data privacy, you must have effective controls in place,
which means effective use of IT and policies surrounding technology. In this
chapter, we cover the many tools you can use to protect data and secure IT
assets.